build(deps): Bump mypy from 1.20.0 to 2.0.0 #341

Closed
dependabot[bot] wants to merge 1 commit into master from dependabot/pip/mypy-2.0.0

@dependabot dependabot Bot commented on behalf of github May 14, 2026

Bumps mypy from 1.20.0 to 2.0.0.

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

  • Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
  • Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
  • Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

  • Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
  • Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

Changes to Messages

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [mypy](https://github.com/python/mypy) from 1.20.0 to 2.0.0.
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v1.20.0...v2.0.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies and python labels May 14, 2026

@github-actions github-actions Bot left a comment

@dependabot merge

codacy-production Bot commented May 14, 2026

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

🟢 Metrics 0 duplication

Metric Results
Duplication 0

@codacy-production codacy-production Bot left a comment

Pull Request Overview

While the project is currently reported as 'up to standards' by Codacy, this PR introduces a high-risk major version bump for mypy (v2.0.0) without evidence of codebase compatibility or CI validation. Major version updates for static analysis tools typically introduce breaking changes and stricter rules that will likely cause build failures if the code is not adjusted. Additionally, the requirements.txt file contains a version of Django with multiple known security vulnerabilities (CVE-2026-5766, CVE-2026-6907, and CVE-2026-35192) that should be addressed.

About this PR

  • Major version upgrades for static analysis tools are high-risk. Ensure the codebase has been successfully scanned with the new version locally or in CI before merging to prevent breaking the build.

Test suggestions

  • Run mypy 2.0.0 against the codebase to ensure no new type-checking regressions or errors are introduced by the major version upgrade.

Prompt proposal for missing tests
Consider implementing these tests if applicable:
1. Run mypy 2.0.0 against the codebase to ensure no new type-checking regressions or errors are introduced by the major version upgrade.

Comment thread requirements.txt
pylint==4.0.5
Flask==3.1.3
mypy==1.20.0 No newline at end of file
mypy==2.0.0 No newline at end of file
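
Review bot: The changed last line pins a type checker (`mypy==2.0.0`) in the same requirements.txt as runtime packages such as `Flask==3.1.3`, so a semver-major bump of a development tool changes the package set wherever this file is installed; consider moving mypy and pylint into a separate development requirements file so tool upgrades can be reviewed and rolled back independently of the application's dependencies. The new line also still ends without a trailing newline; adding one keeps the "No newline at end of file" marker out of every future bump of the last entry.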

🔴 HIGH RISK

This major version bump for mypy introduces breaking changes and stricter default rules that will likely cause CI failures on the current codebase. Corresponding code updates are required to satisfy the new version's requirements.

Try running the following prompt in your coding agent:

Run mypy==2.0.0 on the project, identify any new type-checking errors or configuration mismatches, and provide the necessary fixes.

Comment thread requirements.txt
@@ -3,4 +3,4 @@ jsonpickle==4.1.1
Django==6.0.4

🟡 MEDIUM RISK

Suggestion: Update Django to version 6.0.5 to resolve vulnerabilities CVE-2026-5766, CVE-2026-6907, and CVE-2026-35192.

Suggested change
Django==6.0.4
Django==6.0.5

dependabot Bot commented on behalf of github May 19, 2026

Superseded by #342.

@dependabot dependabot Bot closed this May 19, 2026
@dependabot dependabot Bot deleted the dependabot/pip/mypy-2.0.0 branch May 19, 2026 18:21